Hackers are using fake coding jobs to spread malware through GitHub

The malware at the center of it, dubbed Omnistealer by investigators, uses public blockchains not just for payments, but as ...
The Hacker News

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

DeepLoad exploits ClickFix and WMI persistence to steal credentials, enabling stealth reinfection after three days.
Hoodline

Fake CAPTCHA Scam Tricks Windows Users Into Installing Password-Snatching Malware

Fake CAPTCHA pages can install the StealC infostealer. Don't paste or run commands; disconnect and change passwords.
PCMag

Think Face ID Is Secure? This Cyber Expert Just Proved Otherwise

At RSAC 2026, a live demo showed how easily AI tools can bypass facial recognition systems once considered secure.

A simple coding mistake is exposing API keys across thousands of websites

A large-scale study has revealed that websites are unintentionally exposing API keys tied to services like AWS, Stripe, and OpenAI, with most leaks traced back to publicly accessible JavaScript files.
PCMag

Update Your iPhone Now: 'DarkSword' Leak Puts Millions at Risk of Hacks

Have you been dragging your feet on the update to iOS 26? You might want to do it now to fend off the 'DarkSword' attack ...

Exposing a global ‘rape academy’

CNN exposes an online network of men encouraging each other to drug and assault their partners, and swap tips on how to get ...

Ai2 releases open-source visual AI agent that can take control of web browsers

Allen Institute for AI, a prominent Seattle-based nonprofit research organization working on advancing artificial ...
WinBuzzer

GhostClaw Fake OpenClaw Installer Steals macOS Dev Credentials

JFrog has uncovered GhostClaw, a fake OpenClaw npm package that stole Keychain passwords, cloud credentials, and crypto ...
Blockonomi

OpenClaw Developers Hit by GitHub Phishing Campaign Designed to Drain Crypto Wallets

OX Security exposes a GitHub phishing campaign targeting OpenClaw developers with fake $CLAW airdrops and a cloned site built ...
Dark Reading

GlassWorm Malware Evolves to Hide in Dependencies

Dozens of updated, malicious GlassWorm extensions have infested Open VSX, threatening software development supply chains.